NSA surveillance routinely violating U.S. and international law
The Washington Post is reporting that the National Security Agency has broken its own privacy rules or overstepped its legal authority thousands of times each year since 2008, citing top-secret documents provided by whistleblower Edward Snowden.
Most of the infractions involved illegal surveillance of U.S. citizens or foreign intelligence targets in the United States, ranging from significant violations of law to typographical errors that resulted in unintended interception of U.S. emails and telephone calls, according to the Post.
In one instance, the NSA decided it would not report the unintended surveillance of Americans to the FISA court. A notable example in 2008 was the interception of a “large number” of calls placed from Washington when a “programming error” confused U.S. area code 202 for 20, the international dialing code for Egypt.
The NSA audit that Snowden provided to the Post, dated May 2012, counted 2,776 incidents in the preceding 12 months of unauthorized collection, storage, access to or distribution of legally protected communications.
In other words, the NSA – which was granted greatly expanded legal authority in 2008 by Congress in the FISA Amendments Act – has been routinely flouting Americans’ legal protections with impunity for years.
“The number of ‘compliance incidents’ is jaw-dropping,” said Jameel Jaffer, ACLU deputy legal director. “The rules around government surveillance are so permissive that it is difficult to comprehend how the intelligence community could possibly have managed to violate them so often.”
He pointed out that “at least some of these incidents seem to have implicated the privacy of thousands or millions of innocent people.”
The incidents are not only infractions of of U.S. law, but also international law.
As Privacy International has pointed out:
Human rights conventions and national constitutions almost universally call for the protection of the right to privacy – the challenge is ensuring that governments comply with this requirement, particularly with respect to new technologies and in countries that lack the rule of law.
The modern privacy benchmark at an international level can be found in Article 12 of the 1948 Universal Declaration of Human Rights, which specifically protects territorial and communications privacy. Numerous other international human rights treaties recognize privacy as a right: Article 17 of the International Covenant on Civil and Political Rights 1966, Article 14 of the United Nations Convention on Migrant Workers, and Article 16 of the UN Convention of the Protection of the Child. Regional conventions that recognize the right to privacy includes Article 10 of the African Charter on the Rights and Welfare of the Child, Article 11 of the American Convention on Human Rights, Article 4 of the African Union Principles on Freedom of Expression, Article 5 of the American Declaration of the Rights and Duties of Man, Article 21 of the Arab Charter on Human Rights, and Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms.
An April 2013 report issued by the United Nations about the threat that government surveillance poses to the enjoyment of basic human rights found that state surveillance of communications is ubiquitous and such surveillance severely undermines citizens’ ability to enjoy a private life, to express themselves freely and enjoy other fundamental freedoms.
UN Special Rapporteur Frank La Rue noted that in the current era, “the State now has a greater capability to conduct simultaneous, invasive, targeted and broad-scale surveillance than ever before.”
The report touched on various problems in the use of surveillance, including the lack of judicial oversight, unregulated access to communications data and extra-legal surveillance. In addressing these concerns the UN “underlines the urgent need to further study new modalities of surveillance and to revise national laws regulating these practices in line with human rights standards.”
Toward this end, civil society groups, industry and international experts in communications surveillance law, policy and technology have developed the International Principles on the Application of Human Rights to Communications Surveillance, formally launched last month.
According to the Preamble of the International Principles,
Privacy is a fundamental human right, and is central to the maintenance of democratic societies. It is essential to human dignity and it reinforces other rights, such as freedom of expression and information, and freedom of association, and is recognised under international human rights law. Activities that restrict the right to privacy, including communications surveillance, can only be justified when they are prescribed by law, they are necessary to achieve a legitimate aim, and are proportionate to the aim pursued.
Before public adoption of the Internet, well-established legal principles and logistical burdens inherent in monitoring communications created limits to State communications surveillance. In recent decades, those logistical barriers to surveillance have decreased and the application of legal principles in new technological contexts has become unclear. The explosion of digital communications content and information about communications, or “communications metadata” — information about an individual’s communications or use of electronic devices — the falling cost of storing and mining large sets of data, and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale. Meanwhile, conceptualisations of existing human rights law have not kept up with the modern and changing communications surveillance capabilities of the State, the ability of the State to combine and organize information gained from different surveillance techniques, or the increased sensitivity of the information available to be accessed.
The frequency with which States are seeking access to both communications content and communications metadata is rising dramatically, without adequate scrutiny. When accessed and analysed, communications metadata may create a profile of an individual’s life, including medical conditions, political and religious viewpoints, associations, interactions and interests, disclosing as much detail as, or even greater detail than would be discernible from the content of communications. Despite the vast potential for intrusion into an individual’s life and the chilling effect on political and other associations, legislative and policy instruments often afford communications metadata a lower level of protection and do not place sufficient restrictions on how they can be subsequently used by agencies, including how they are data-mined, shared, and retained.
In order for States to actually meet their international human rights obligations in relation to communications surveillance, they must comply with the principles set out below. These principles apply to surveillance conducted within a State or extraterritorially. The principles also apply regardless of the purpose for the surveillance — law enforcement, national security or any other regulatory purpose. They also apply both to the State’s obligation to respect and fulfil individuals’ rights, and also to the obligation to protect individuals’ rights from abuse by non-State actors, including corporate entities. The private sector bears equal responsibility for respecting human rights, particularly given the key role it plays in designing, developing and disseminating technologies; enabling and providing communications; and – where required – cooperating with State surveillance activities. Nevertheless, the scope of the present Principles is limited to the obligations of the State.
The Principles include 13 key points, summarized here:
Legality: Any limitation on the right to privacy must be prescribed by law.
Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.
Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim.
Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfill the specific legitimate aim identified.
Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to users’ rights and to other competing interests.
Competent judicial authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.
Due process: States must respect and guarantee individuals’ human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.
User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation.
Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers.
Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.
Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information.
Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.
Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public and private actors.
With the new revelations exposed by the Post along with all the other Snowden leaks from recent months, it is clear that many – if not all – of these 13 principles are being violated routinely by the NSA’s surveillance activities.
To sign on to the International Principles, click here.
Click here to tell Congress to end the U.S. surveillance state.